Reporting monitored parameter information

ABSTRACT

Apparatuses, methods, and systems are disclosed for reporting monitored parameter information. One method includes receiving an indication to monitor parameters in an idle mode. The method includes monitoring the parameters in the idle mode. The method includes transmitting a request to a first base station. The method includes, in response to not receiving a correct response from the first base station: performing a cell reselection resulting in selection of a second base station; and transmitting a failure report to the second base station. The failure report includes information corresponding to the parameters monitored in the idle mode.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of patent application Ser. No.16/010,912 entitled “REPORTING MONITORED PARAMETER INFORMATION” filed onJun. 18, 2018, which claims priority to U.S. Patent Application Ser. No.62/521,266 entitled “REPORTING OF ROGUE BASE STATION DETECTION” andfiled on Jun. 16, 2017 for Andreas Kunz which is incorporated herein byreference in its entirety.

FIELD

The subject matter disclosed herein relates generally to wirelesscommunications and more particularly relates to reporting monitoredparameter information.

BACKGROUND

The following abbreviations are herewith defined, at least some of whichare referred to within the following description: Third GenerationPartnership Project (“3GPP”), Fifth Generation (“5G”), AuthenticationAuthorization and Accounting (“AAA”), Positive-Acknowledgment (“ACK”),Acknowledged Mode (“AM”), Access and Mobility Management Function(“AMF”), Access Server (“AS”), Access Point (“AP”), AuthenticationCenter (“AuC”), Authentication Server Function (“AUSF”), AuthenticationToken (“AUTN”), Base Station (“BS”), Bandwidth (“BW”), Cell Group(“CG”), Cipher Key (“CK”), Cell Radio Network Temporary Identifier(“C-RNTI”), Common Physical Downlink Control Channel (“C-PDCCH”),Dedicated Control Channel (“DCCH”), Downlink (“DL”), DemodulationReference Signal (“DMRS”), Domain Name System (“DNS”), Enhanced MobileBroadband (“eMBB”), Evolved Node B (“eNB”), Enhanced SubscriberIdentification Module (“eSIM”), Equipment Identity Register (“EIR”),Evolved Packet Core (“EPC”), European Telecommunications StandardsInstitute (“ETSI”), E-UTRAN Radio Access Bearer (“E-RAB”),Evolved-Universal Terrestrial Radio Access Network (“E-UTRAN”),Frequency Division Duplex (“FDD”), Frequency Division Multiple Access(“FDMA”), Fully Qualified Domain Name (“FQDN”), 5G Node B (“gNB”),General Packet Radio Service (“GPRS”), Global System For MobileCommunications “GSM”, Global System For Mobile CommunicationsAssociation (“GSMA”), Hybrid Automatic Repeat Request (“HARQ”), HomePolicy Control Function (“H-PCF”), Home Public Land Mobile Network(“HPLMN”), Home Subscriber Server (“HSS”), Identity or Identifier orIdentification (“ID”), Information Element (“IE”), Integrity Key (“IK”),International Mobile Equipment Identity (“IMEI”), International MobileSubscriber Identity (“IMSI”), Internet-of-Things (“IoT”), Key DerivationFunction (“KDF”), Layer 2 (“L2”), Logical Channel Identifier (“LCID”),Logical Channel Prioritization (“LCP”), Long Term Evolution (“LTE”),Multiple Access (“MA”), Medium Access Control (“MAC”), Master Cell Group(“MCG”), Modulation Coding Scheme (“MCS”), Mobile Country Code (“MCC”),Mobile Network Code (“MNC”), Machine Type Communication (“MTC”), MasterInformation Block (“MIB), Mobility Management (“MM”), MobilityManagement Entity (“MME”), Non-Access Stratum (“NAS”), Narrowband(“NB”), Negative-Acknowledgment (“NACK”) or (“NAK”), Network Entity(“NE”), Next Generation Node B (“gNB”), New Radio (“NR”), Operation andMaintenance Center (“OAM”), Open Mobile Alliance Device Management (“OMADM”), Orthogonal Frequency Division Multiplexing (“OFDM”), Over-the-Air(“OTA”), Physical Broadcast Channel (“PBCH”), Policy Control Function(“PCF”), Packet Data Convergence Protocol (“PDCP”), Protocol Data Unit(“PDU”), Public Land Mobile Network (“PLMN”), Primary SynchronizationSignal (“PSS”), Pointer (“PTR”), Quality of Service (“QoS”), RandomAccess Channel (“RACH”), Radio Access Technology (“RAT”), Resource Block(“RB”), Radio Link Control (“RLC”), Radio Link Failure (“RLF”), RadioNetwork Layer (“RNL”), Radio Resource Control (“RRC”), Radio ResourceManagement (“RRM”), Radio Access Network (“RAN”), Reference SignalReceived Power (“RSRP”), Reference Signal Received Quality (“RSRQ”),Receive (“RX”), Secondary Cell Group (“SCG”), Secondary SynchronizationSignal (“SSS”), Service Data Unit (“SDU”), Sequence Number (“SN”),Single Carrier Frequency Division Multiple Access (“SC-FDMA”),Subscriber Management Function (“SMF”), Signal-to-Noise Ratio (“SNR”),Subscriber Identity Module (“SIM”), System Information Block (“SIB”),Sidelink (“SL”), Shared Channel (“SCH”), Synchronization Signal (“SS”),Subscription Concealed Identifier (“SUCI”), Subscription PermanentIdentifier (“SUPI”), Timing Advance Group (“TAG”), Tracking Area (“TA”),Time Division Duplex (“TDD”), Transport Network Layer (“TNL”),Transmission Time Interval (“TTI”), Transmit (“TX”), Unified DataManagement (“UDM”), User Data Repository (“UDR”), User Entity/Equipment(Mobile Terminal) (“UE”), Universal Integrated Circuit Card (“UICC”),Uplink (“UL”), Universal Mobile Telecommunications System (“UMTS”), UserPlane Function (“UPF”), Ultra-Reliable Low-Latency Communication(“URLLC”), Universal Subscriber Identity Module (“USIM”), Universal TimeCoordinated (“UTC”), Visited Policy Control Function (“V-PCF”), VisitedPublic Land Mobile Network (“VPLMN”), and Worldwide Interoperability forMicrowave Access (“WiMAX”). As used herein, “HARQ-ACK” may representcollectively the Positive Acknowledge (“ACK”) and the NegativeAcknowledge (“NAK”). ACK means that a TB is correctly received while NAKmeans a TB is erroneously received.

In certain wireless communications networks, there may be a rogue basestation that imitates a real base station by faking being a real basestation. In such networks, detecting the rogue base station may bedifficult.

BRIEF SUMMARY

Methods for reporting monitored parameter information are disclosed.Apparatuses and systems also perform the functions of the apparatus. Inone embodiment, the method includes receiving an indication to monitorparameters in an idle mode. In certain embodiments, the method includesmonitoring the parameters in the idle mode. In various embodiments, themethod includes transmitting a request to a first base station. In someembodiments, the method includes, in response to not receiving a correctresponse from the first base station: performing a cell reselectionresulting in selection of a second base station; and transmitting afailure report to the second base station. In such embodiments, thefailure report includes information corresponding to the parametersmonitored in the idle mode.

In one embodiment, the indication to monitor parameters in the idle modeis received in response to a likelihood of a rogue base station being inan area. In a further embodiment, the parameters monitored in the idlemode include a time in the idle mode during communication with the firstbase station. In certain embodiments, the parameters monitored in theidle mode include a time taken to enter a connected mode duringcommunication with the first base station. In various embodiments, theparameters monitored in the idle mode include a number of attempts tosend a connected mode setup during communication with the first basestation. In some embodiments, the method includes determining whetherthe number of attempts passes a predetermined threshold, and, inresponse to the number of attempts passing the predetermined threshold,determining that a correct response from the first base station is notreceived. In certain embodiments, the parameters monitored in the idlemode include a number of connection mode setup messages that fail due totimeout.

In various embodiments, the parameters monitored in the idle modeinclude a number of identity requests from the first base stationrequesting an international mobile subscriber identity. In someembodiments, the parameters monitored in the idle mode include acomputed confidence level that the first base station is a rogue basestation. In certain embodiments, the method includes ignoringbroadcasted system information from the first base station duringperforming the cell reselection. In various embodiments, not receiving acorrect response from the first base station includes determining asecurity key mismatch, a certificate failure, an authentication failure,and/or a connection setup failure.

An apparatus for reporting monitored parameter information, in oneembodiment, includes a receiver that receives an indication to monitorparameters in an idle mode. In some embodiments, the apparatus includesa processor that monitors the parameters in the idle mode. In variousembodiments, the apparatus includes a transmitter that transmits arequest to a first base station. In certain embodiments, in response tonot receiving a correct response from the first base station: theprocessor performs a cell reselection resulting in selection of a secondbase station; and the transmitter transmits a failure report to thesecond base station. In such embodiments, the failure report includesinformation corresponding to the parameters monitored in the idle mode.

A method for receiving monitored parameter information, in oneembodiment, includes transmitting an indication to a remote unit for theremote unit to monitor parameters in an idle mode. In certainembodiments, the method includes receiving a failure report from theremote unit. In such embodiments, the failure report includesinformation corresponding to the parameters monitored in the idle mode.In various embodiments, the method includes identifying a rogue basestation from the failure report. In some embodiments, the methodincludes transmitting an alarm identifying the rogue base station.

In one embodiment, the alarm includes an identifier of the rogue basestation. In a further embodiment, the indication to monitor parametersin the idle mode is transmitted in response to a likelihood of the roguebase station being in an area used by the remote unit. In certainembodiments, the parameters monitored in the idle mode include a time inthe idle mode during communication with the rogue base station. Invarious embodiments, the parameters monitored in the idle mode include atime taken to enter a connected mode during communication with the roguebase station. In some embodiments, the parameters monitored in the idlemode include a number of attempts to send a connected mode setup duringcommunication with the rogue base station. In certain embodiments, theparameters monitored in the idle mode include a number of connectionmode setup messages that fail due to timeout.

In various embodiments, the parameters monitored in the idle modeinclude a number of identity requests from the rogue base stationrequesting an international mobile subscriber identity of the remoteunit. In some embodiments, the parameters monitored in the idle modeinclude a computed confidence level corresponding to the rogue basestation.

An apparatus for receiving monitored parameter information, in oneembodiment, includes a transmitter that transmits an indication to aremote unit for the remote unit to monitor parameters in an idle mode.In some embodiments, the apparatus includes a receiver that receives afailure report from the remote unit. In such embodiments, the failurereport includes information corresponding to the parameters monitored inthe idle mode. In various embodiments, the apparatus includes aprocessor that identifies a rogue base station from the failure report.In certain embodiments, the transmitter transmits an alarm identifyingthe rogue base station.

BRIEF DESCRIPTION OF THE DRAWINGS

A more particular description of the embodiments briefly described abovewill be rendered by reference to specific embodiments that areillustrated in the appended drawings. Understanding that these drawingsdepict only some embodiments and are not therefore to be considered tobe limiting of scope, the embodiments will be described and explainedwith additional specificity and detail through the use of theaccompanying drawings, in which:

FIG. 1 is a schematic block diagram illustrating one embodiment of awireless communication system for reporting and/or receiving monitoredparameter information;

FIG. 2 is a schematic block diagram illustrating one embodiment of anapparatus that may be used for reporting monitored parameterinformation;

FIG. 3 is a schematic block diagram illustrating one embodiment of anapparatus that may be used for receiving monitored parameterinformation;

FIG. 4 is a schematic block diagram illustrating one embodiment of asystem for reporting and receiving monitored parameter information;

FIG. 5 is a schematic block diagram illustrating another embodiment of asystem for reporting and receiving monitored parameter information;

FIG. 6 is a schematic flow chart diagram illustrating one embodiment ofa method for reporting monitored parameter information; and

FIG. 7 is a schematic flow chart diagram illustrating one embodiment ofa method for receiving monitored parameter information.

DETAILED DESCRIPTION

As will be appreciated by one skilled in the art, aspects of theembodiments may be embodied as a system, apparatus, method, or programproduct. Accordingly, embodiments may take the form of an entirelyhardware embodiment, an entirely software embodiment (includingfirmware, resident software, micro-code, etc.) or an embodimentcombining software and hardware aspects that may all generally bereferred to herein as a “circuit,” “module” or “system.” Furthermore,embodiments may take the form of a program product embodied in one ormore computer readable storage devices storing machine readable code,computer readable code, and/or program code, referred hereafter as code.The storage devices may be tangible, non-transitory, and/ornon-transmission. The storage devices may not embody signals. In acertain embodiment, the storage devices only employ signals foraccessing code.

Certain of the functional units described in this specification may belabeled as modules, in order to more particularly emphasize theirimplementation independence. For example, a module may be implemented asa hardware circuit comprising custom very-large-scale integration(“VLSI”) circuits or gate arrays, off-the-shelf semiconductors such aslogic chips, transistors, or other discrete components. A module mayalso be implemented in programmable hardware devices such as fieldprogrammable gate arrays, programmable array logic, programmable logicdevices or the like.

Modules may also be implemented in code and/or software for execution byvarious types of processors. An identified module of code may, forinstance, include one or more physical or logical blocks of executablecode which may, for instance, be organized as an object, procedure, orfunction. Nevertheless, the executables of an identified module need notbe physically located together, but may include disparate instructionsstored in different locations which, when joined logically together,include the module and achieve the stated purpose for the module.

Indeed, a module of code may be a single instruction, or manyinstructions, and may even be distributed over several different codesegments, among different programs, and across several memory devices.Similarly, operational data may be identified and illustrated hereinwithin modules, and may be embodied in any suitable form and organizedwithin any suitable type of data structure. The operational data may becollected as a single data set, or may be distributed over differentlocations including over different computer readable storage devices.Where a module or portions of a module are implemented in software, thesoftware portions are stored on one or more computer readable storagedevices.

Any combination of one or more computer readable medium may be utilized.The computer readable medium may be a computer readable storage medium.The computer readable storage medium may be a storage device storing thecode. The storage device may be, for example, but not limited to, anelectronic, magnetic, optical, electromagnetic, infrared, holographic,micromechanical, or semiconductor system, apparatus, or device, or anysuitable combination of the foregoing.

More specific examples (a non-exhaustive list) of the storage devicewould include the following: an electrical connection having one or morewires, a portable computer diskette, a hard disk, a random access memory(“RAM”), a read-only memory (“ROM”), an erasable programmable read-onlymemory (“EPROM” or Flash memory), a portable compact disc read-onlymemory (“CD-ROM”), an optical storage device, a magnetic storage device,or any suitable combination of the foregoing. In the context of thisdocument, a computer readable storage medium may be any tangible mediumthat can contain, or store a program for use by or in connection with aninstruction execution system, apparatus, or device.

Code for carrying out operations for embodiments may be any number oflines and may be written in any combination of one or more programminglanguages including an object oriented programming language such asPython, Ruby, Java, Smalltalk, C++, or the like, and conventionalprocedural programming languages, such as the “C” programming language,or the like, and/or machine languages such as assembly languages. Thecode may execute entirely on the user's computer, partly on the user'scomputer, as a stand-alone software package, partly on the user'scomputer and partly on a remote computer or entirely on the remotecomputer or server. In the latter scenario, the remote computer may beconnected to the user's computer through any type of network, includinga local area network (“LAN”) or a wide area network (“WAN”), or theconnection may be made to an external computer (for example, through theInternet using an Internet Service Provider).

Reference throughout this specification to “one embodiment,” “anembodiment,” or similar language means that a particular feature,structure, or characteristic described in connection with the embodimentis included in at least one embodiment. Thus, appearances of the phrases“in one embodiment,” “in an embodiment,” and similar language throughoutthis specification may, but do not necessarily, all refer to the sameembodiment, but mean “one or more but not all embodiments” unlessexpressly specified otherwise. The terms “including,” “comprising,”“having,” and variations thereof mean “including but not limited to,”unless expressly specified otherwise. An enumerated listing of itemsdoes not imply that any or all of the items are mutually exclusive,unless expressly specified otherwise. The terms “a,” “an,” and “the”also refer to “one or more” unless expressly specified otherwise.

Furthermore, the described features, structures, or characteristics ofthe embodiments may be combined in any suitable manner. In the followingdescription, numerous specific details are provided, such as examples ofprogramming, software modules, user selections, network transactions,database queries, database structures, hardware modules, hardwarecircuits, hardware chips, etc., to provide a thorough understanding ofembodiments. One skilled in the relevant art will recognize, however,that embodiments may be practiced without one or more of the specificdetails, or with other methods, components, materials, and so forth. Inother instances, well-known structures, materials, or operations are notshown or described in detail to avoid obscuring aspects of anembodiment.

Aspects of the embodiments are described below with reference toschematic flowchart diagrams and/or schematic block diagrams of methods,apparatuses, systems, and program products according to embodiments. Itwill be understood that each block of the schematic flowchart diagramsand/or schematic block diagrams, and combinations of blocks in theschematic flowchart diagrams and/or schematic block diagrams, can beimplemented by code. The code may be provided to a processor of ageneral purpose computer, special purpose computer, or otherprogrammable data processing apparatus to produce a machine, such thatthe instructions, which execute via the processor of the computer orother programmable data processing apparatus, create means forimplementing the functions/acts specified in the schematic flowchartdiagrams and/or schematic block diagrams block or blocks.

The code may also be stored in a storage device that can direct acomputer, other programmable data processing apparatus, or other devicesto function in a particular manner, such that the instructions stored inthe storage device produce an article of manufacture includinginstructions which implement the function/act specified in the schematicflowchart diagrams and/or schematic block diagrams block or blocks.

The code may also be loaded onto a computer, other programmable dataprocessing apparatus, or other devices to cause a series of operationalsteps to be performed on the computer, other programmable apparatus orother devices to produce a computer implemented process such that thecode which execute on the computer or other programmable apparatusprovide processes for implementing the functions/acts specified in theflowchart and/or block diagram block or blocks.

The schematic flowchart diagrams and/or schematic block diagrams in theFigures illustrate the architecture, functionality, and operation ofpossible implementations of apparatuses, systems, methods and programproducts according to various embodiments. In this regard, each block inthe schematic flowchart diagrams and/or schematic block diagrams mayrepresent a module, segment, or portion of code, which includes one ormore executable instructions of the code for implementing the specifiedlogical function(s).

It should also be noted that, in some alternative implementations, thefunctions noted in the block may occur out of the order noted in theFigures. For example, two blocks shown in succession may, in fact, beexecuted substantially concurrently, or the blocks may sometimes beexecuted in the reverse order, depending upon the functionalityinvolved. Other steps and methods may be conceived that are equivalentin function, logic, or effect to one or more blocks, or portionsthereof, of the illustrated Figures.

Although various arrow types and line types may be employed in theflowchart and/or block diagrams, they are understood not to limit thescope of the corresponding embodiments. Indeed, some arrows or otherconnectors may be used to indicate only the logical flow of the depictedembodiment. For instance, an arrow may indicate a waiting or monitoringperiod of unspecified duration between enumerated steps of the depictedembodiment. It will also be noted that each block of the block diagramsand/or flowchart diagrams, and combinations of blocks in the blockdiagrams and/or flowchart diagrams, can be implemented by specialpurpose hardware-based systems that perform the specified functions oracts, or combinations of special purpose hardware and code.

The description of elements in each figure may refer to elements ofproceeding figures. Like numbers refer to like elements in all figures,including alternate embodiments of like elements.

FIG. 1 depicts an embodiment of a wireless communication system 100 forreporting and/or receiving monitored parameter information. In oneembodiment, the wireless communication system 100 includes remote units102 and network units 104. Even though a specific number of remote units102 and network units 104 are depicted in FIG. 1 , one of skill in theart will recognize that any number of remote units 102 and network units104 may be included in the wireless communication system 100.

In one embodiment, the remote units 102 may include computing devices,such as desktop computers, laptop computers, personal digital assistants(“PDAs”), tablet computers, smart phones, smart televisions (e.g.,televisions connected to the Internet), set-top boxes, game consoles,security systems (including security cameras), vehicle on-boardcomputers, network devices (e.g., routers, switches, modems), IoTdevices, or the like. In some embodiments, the remote units 102 includewearable devices, such as smart watches, fitness bands, opticalhead-mounted displays, or the like. Moreover, the remote units 102 maybe referred to as subscriber units, mobiles, mobile stations, users,terminals, mobile terminals, fixed terminals, subscriber stations, UE,user terminals, a device, or by other terminology used in the art. Theremote units 102 may communicate directly with one or more of thenetwork units 104 via UL communication signals.

The network units 104 may be distributed over a geographic region. Incertain embodiments, a network unit 104 may also be referred to as anaccess point, an access terminal, a base, a base unit, a base station, aNode-B, an eNB, a gNB, a Home Node-B, a relay node, a device, a networkdevice, an infrastructure device, or by any other terminology used inthe art. The network units 104 are generally part of a radio accessnetwork that includes one or more controllers communicably coupled toone or more corresponding network units 104. The radio access network isgenerally communicably coupled to one or more core networks, which maybe coupled to other networks, like the Internet and public switchedtelephone networks, among other networks. These and other elements ofradio access and core networks are not illustrated but are well knowngenerally by those having ordinary skill in the art. In someembodiments, a network unit 104 may include one or more of the followingnetwork components an eNB, a gNB, an AMF, a DB, an MME, a PCF, a UDR, aUPF, a serving gateway, and/or a UDM.

In one implementation, the wireless communication system 100 iscompliant with the NR/5G protocols or LTE protocols specified by 3GPP,wherein the network unit 104 transmits using an OFDM modulation schemeon the DL and the remote units 102 transmit on the UL using a SC-FDMAscheme or an OFDM scheme. More generally, however, the wirelesscommunication system 100 may implement some other open or proprietarycommunication protocol, for example, WiMAX, among other protocols. Thepresent disclosure is not intended to be limited to the implementationof any particular wireless communication system architecture orprotocol.

The network units 104 may serve a number of remote units 102 within aserving area, for example, a cell or a cell sector via a wirelesscommunication link. The network units 104 transmit DL communicationsignals to serve the remote units 102 in the time, frequency, and/orspatial domain.

In certain embodiments, a remote unit 102 may be used to receive anindication to monitor parameters in an idle mode. In some embodiments,the remote unit 102 may be used to monitor the parameters in the idlemode. In various embodiments, the remote unit 102 may be used totransmit a request to a first base station. In some embodiments, theremote unit 102 may be used to, in response to not receiving a correctresponse from the first base station: perform a cell reselectionresulting in selection of a second base station; and transmit a failurereport to the second base station. In such embodiments, the failurereport may include information corresponding to the parameters monitoredin the idle mode. Accordingly, a remote unit 102 may be used forreporting monitored parameter information.

In certain embodiments, a network unit 104 may be used to transmit anindication to a remote unit 102 for the remote unit 102 to monitorparameters in an idle mode. In certain embodiments, the network unit 104may be used to receive a failure report from the remote unit 102. Insuch embodiments, the failure report may include informationcorresponding to the parameters monitored in the idle mode. In variousembodiments, the network unit 104 may be used to identify a rogue basestation from the failure report. In some embodiments, the network unit104 may be used to transmit an alarm identifying the rogue base station.Accordingly, a network unit 104 may be used for receiving monitoredparameter information.

FIG. 2 depicts one embodiment of an apparatus 200 that may be used forreporting monitored parameter information. The apparatus 200 includesone embodiment of the remote unit 102. Furthermore, the remote unit 102may include a processor 202, a memory 204, an input device 206, adisplay 208, a transmitter 210, and a receiver 212. In some embodiments,the input device 206 and the display 208 are combined into a singledevice, such as a touchscreen. In certain embodiments, the remote unit102 may not include any input device 206 and/or display 208. In variousembodiments, the remote unit 102 may include one or more of theprocessor 202, the memory 204, the transmitter 210, and the receiver212, and may not include the input device 206 and/or the display 208.

The processor 202, in one embodiment, may include any known controllercapable of executing computer-readable instructions and/or capable ofperforming logical operations. For example, the processor 202 may be amicrocontroller, a microprocessor, a central processing unit (“CPU”), agraphics processing unit (“GPU”), an auxiliary processing unit, a fieldprogrammable gate array (“FPGA”), or similar programmable controller. Insome embodiments, the processor 202 executes instructions stored in thememory 204 to perform the methods and routines described herein. Incertain embodiments, the processor 202 may monitor parameters in an idlemode. The processor 202 is communicatively coupled to the memory 204,the input device 206, the display 208, the transmitter 210, and thereceiver 212.

The memory 204, in one embodiment, is a computer readable storagemedium. In some embodiments, the memory 204 includes volatile computerstorage media. For example, the memory 204 may include a RAM, includingdynamic RAM (“DRAM”), synchronous dynamic RAM (“SDRAM”), and/or staticRAM (“SRAM”). In some embodiments, the memory 204 includes non-volatilecomputer storage media. For example, the memory 204 may include a harddisk drive, a flash memory, or any other suitable non-volatile computerstorage device. In some embodiments, the memory 204 includes bothvolatile and non-volatile computer storage media. In some embodiments,the memory 204 also stores program code and related data, such as anoperating system or other controller algorithms operating on the remoteunit 102.

The input device 206, in one embodiment, may include any known computerinput device including a touch panel, a button, a keyboard, a stylus, amicrophone, or the like. In some embodiments, the input device 206 maybe integrated with the display 208, for example, as a touchscreen orsimilar touch-sensitive display. In some embodiments, the input device206 includes a touchscreen such that text may be input using a virtualkeyboard displayed on the touchscreen and/or by handwriting on thetouchscreen. In some embodiments, the input device 206 includes two ormore different devices, such as a keyboard and a touch panel.

The display 208, in one embodiment, may include any known electronicallycontrollable display or display device. The display 208 may be designedto output visual, audible, and/or haptic signals. In some embodiments,the display 208 includes an electronic display capable of outputtingvisual data to a user. For example, the display 208 may include, but isnot limited to, an LCD display, an LED display, an OLED display, aprojector, or similar display device capable of outputting images, text,or the like to a user. As another, non-limiting, example, the display208 may include a wearable display such as a smart watch, smart glasses,a heads-up display, or the like. Further, the display 208 may be acomponent of a smart phone, a personal digital assistant, a television,a table computer, a notebook (laptop) computer, a personal computer, avehicle dashboard, or the like.

In certain embodiments, the display 208 includes one or more speakersfor producing sound. For example, the display 208 may produce an audiblealert or notification (e.g., a beep or chime). In some embodiments, thedisplay 208 includes one or more haptic devices for producingvibrations, motion, or other haptic feedback. In some embodiments, allor portions of the display 208 may be integrated with the input device206. For example, the input device 206 and display 208 may form atouchscreen or similar touch-sensitive display. In other embodiments,the display 208 may be located near the input device 206.

The transmitter 210 is used to provide UL communication signals to thenetwork unit 104 and the receiver 212 is used to receive DLcommunication signals from the network unit 104. In some embodiments,the receiver 212 may receive an indication to monitor parameters in anidle mode. In certain embodiments, the transmitter 210 may transmit arequest to a first base station. In certain embodiments, in response tonot receiving a correct response from the first base station: theprocessor 202 may perform a cell reselection resulting in selection of asecond base station; and the transmitter 210 may transmit a failurereport to the second base station. In such embodiments, the failurereport may include information corresponding to the parameters monitoredin the idle mode. Although only one transmitter 210 and one receiver 212are illustrated, the remote unit 102 may have any suitable number oftransmitters 210 and receivers 212. The transmitter 210 and the receiver212 may be any suitable type of transmitters and receivers. In oneembodiment, the transmitter 210 and the receiver 212 may be part of atransceiver.

FIG. 3 depicts one embodiment of an apparatus 300 that may be used forreceiving monitored parameter information. The apparatus 300 includesone embodiment of the network unit 104. Furthermore, the network unit104 may include a processor 302, a memory 304, an input device 306, adisplay 308, a transmitter 310, and a receiver 312. As may beappreciated, the processor 302, the memory 304, the input device 306,the display 308, the transmitter 310, and the receiver 312 may besubstantially similar to the processor 202, the memory 204, the inputdevice 206, the display 208, the transmitter 210, and the receiver 212of the remote unit 102, respectively.

In various embodiments, the transmitter 310 may transmit an indicationto a remote unit 102 for the remote unit 102 to monitor parameters in anidle mode. In some embodiments, the receiver 312 may receive a failurereport from the remote unit 102. In such embodiments, the failure reportmay include information corresponding to the parameters monitored in theidle mode. In various embodiments, the processor 302 may identify arogue base station from the failure report. In certain embodiments, thetransmitter 310 may transmit an alarm identifying the rogue basestation. Although only one transmitter 310 and one receiver 312 areillustrated, the network unit 104 may have any suitable number oftransmitters 310 and receivers 312. The transmitter 310 and the receiver312 may be any suitable type of transmitters and receivers. In oneembodiment, the transmitter 310 and the receiver 312 may be part of atransceiver.

FIG. 4 is a schematic block diagram illustrating one embodiment of asystem 400 for reporting and receiving monitored parameter information.The system 400 includes a base station 402, a UE in a connected state404 (e.g., RRC CONNECTED mode), a UE in an idle state 406 (e.g., RRCIDLE mode), and a rogue base station 408. As used herein, the basestation 402 may be substantially the same as the network unit 104 andthe UEs 404 and 406 may be substantially the same as the remote unit102.

In some embodiments, a remote unit 102 may desire to send a servicerequest for mobile originated data during a time in which the remoteunit 102 is communicating with a fake base station (e.g., a rogue basestation). In such embodiments, the service request may fail at theremote unit 102 because an authentication vector may not authenticatethe fake base station and/or a connection setup (e.g., RRC connectionsetup) may fail (e.g., due to a timeout).

In certain embodiments, the remote unit 102 may collect relevantinformation in a VarConnEstFailReport at a time of a connection setuptimeout (e.g., such information may include plmn-Identity, failedCellId,measResultFailedCell, measResultNeighCells, locationInfo, and so forth).In some embodiments, a fake base station may broadcast a very highconnEstFailCount value. Accordingly, a number of times that the remoteunit 102 detects a connection setup timer expiring on a same cell beforeapplying connEstFailOffset may be high. In various embodiments, becauseconnection setup timer may be in a timeframe of approximately 2 seconds,a remote unit 102 may keep trying connection requests for up to thetimer timeframe of approximately 2 seconds. In such embodiments, theremote unit 102 may record and/or report a value for connEstFailCountthat is higher than 4. In some embodiments, a failure report may bedeleted by a remote unit 102 at any time.

In various embodiments, in response to a fake base station may not sendresponse messages (e.g., NAS response messages). Accordingly, in suchembodiments, a remote unit 102 may detect (e.g., based on an AUTNparameter) that the base station is fake. In certain embodiments, theonly response message (e.g., NAS message) a fake base station may sendis an identity request that requests an IMSI from the remote unit 102.In some embodiments, the remote unit 102 may record whether it is askedto send the IMSI in circumstances in which a connection (e.g., RRCConnection) has timed out.

In various embodiments, a remote unit 102 may perform a cell reselectionin response to detecting a fake base station and/or may send ameasurement report and/or a failure report with a cause value to a newbase station (e.g., genuine base station, not fake base station) using aVarConnEstFailReport format. In such embodiments, the remote unit 102may add information in addition that includes a connEstFailCount,whether IMSI was requested, and/or other information.

In certain embodiments, a genuine base station may identify a fake basestation based on information in a failure report from a remote unit 102and/or may support an operator (e.g., especially in circumstances inwhich a fake base station is moving to different locations over time).

In various embodiments, a genuine base station may configure an extendedfailure report to be recorded in a remote unit 102 during a time inwhich the remote unit 102 is in a connected mode and/or in an idle mode.In embodiments in which a remote unit 102 is instructed to performextended failure reporting, the remote unit 102 may not delete thefailure report and/or may store the failure report in a secure and/orpermanent manner so that the failure report is not deleted (e.g., notdeleted in response to a user changing the battery) until the failurereport is submitted to a genuine base station. As may be appreciated,extended failure reporting may be reporting that includes moreinformation than standard failure reporting.

In one embodiment, a first communication 410 is transmitted from thebase station 402 to the UE in the connected state 404. In variousembodiments, the first communication 410 includes one or more messageshaving instructions from the base station 402 for the UE in theconnected state 404 to perform measurements (e.g., monitor parameters)in an idle mode (e.g., RRC IDLE mode) and/or to log the measurements(e.g., log measurements corresponding to monitored parameters). In someembodiments, the UE in the connected state 404 may be configured forextended failure reporting. In such embodiments, the base station 402may add a parameter with extFailureReporting=True in the request.

In various embodiments, the UE in the connected state 404 may transition412 to the UE in the idle state 406 and perform measurements asinstructed. The UE in the idle state 406 may move around and performcell reselection with a cell having the best signal.

In certain embodiments, while performing cell reselection, in a secondcommunication 414, the UE in the idle state 406 may transmit one or moremessages to the rogue base station 408. Moreover, the UE in the idlesstate 406 may be unaware that it is camping at a fake base station.

In some embodiments, a third communication 416 is transmitted betweenthe UE in the idle state 406 and the rogue base station 408. In suchembodiments, the third communication 416 may include one or moremessages. While transmitting and/or receiving the third communication416, the UE in the idle state 406 may recognize (e.g., determine) thatit is communicating with a fake base station. In various embodiments,the UE in the idle state 406 may send a service request as part of thethird communication 416 to perform a mobile oriented session setup.Moreover, as part of the third communication 416, the rogue base station408 may attempt to keep a connection (e.g., RRC connection) alive;however, the UE in the idle state 406 may not be able to authenticatethe rogue base station 408 with a fake authentication vector providedfrom the rogue base station 408 to the UE in the idle state 406 and/orthe connection setup (e.g., RRC connection setup) may time out. Incertain embodiments, as part of the third communication 416, the roguebase station 408 may request that the UE in the idle state 406 send itsIMSI to the rogue base station 408. In some embodiments, in response tothe UE in the idle state 406 being configured for extended failurereporting, the UE in the idle state 406 may record a number ofconnection setup time outs and/or whether an IMSI was requested inaddition to normal failure reporting that occurs as a result of aconnection setup timeout.

In various embodiments, a fourth communication 418 is transmitted fromthe UE in the idle state 406 to the base station 402. In suchembodiments, the fourth communication 418 may include one or moremessages. As may be appreciated, based on information recorded by the UEin the idle state 406, the UE in the idle state 406 may determine thatthe currently attached base station (e.g., the rogue base station 408)is believed to be a fake base station. Accordingly, the UE in the idlestate 406 may performs cell reselection as part of the fourthcommunication 418 to select a next best signal. In some embodiments, theUE in the idle state 406 may measure a time that it has camped at therogue base station 408 in the idle mode and/or a time it has spenttrying to get into a connected state. In certain embodiments, the UE inthe idle state 406 may compute (e.g., determine) a confidence levelcorresponding to the rogue base station 408 (e.g., how confident the UEin the idle state 406 is that the rogue base station 408 to which the UEin the idle state 406 is attached is actually a fake base station—theconfidence level may be based on the an idle mode time, a connected modetime, a number of failed connection setups, a broadcasted connectionretry count, whether IMSI was requested while being in the same PLMN,and so forth). In various embodiments, with a high enough confidencelevel, the UE in the idle state 406 may ignore broadcast informationtransmitted from the rogue base station 408 during a time in which theUE in the idle state 406 performs cell reselection. In some embodiments,as part of the fourth communication 418, the UE in the idle state 406may transmit a failure report and, in response to being instructed toperform extended failure reporting, information that includes connectionsetup failure counts, an IMSI requested flag that indicates IMSI hasbeen requested, a number of IMSI requests, a length of time in an idlemode, and/or a length of time spent trying to get in a connected mode.In certain embodiments, portions of the failure report and/or portionsof the extended failure report may be transmitted from the UE in theidle state 406 in a service request NAS message to a control planeentity (e.g., MME, AMF, etc.). In various embodiments, the UE in theidle state 406 may include its calculated confidence level about therogue base station 408 in the failure report.

In certain embodiments, the base station 402 may detect 420 that therogue base station 408 is a fake base station and/or may start an alarmin an OAM system of an operator. Moreover, the base station 402 (e.g.,genuine base station) may immediate change the SIB and include an IDcorresponding to the rogue base station 408 in a black list for camping.As may be appreciated, the rogue base station 408 may change its cell IDfrequently; however, including the ID corresponding to the rogue basestation 408 in a black list for camping may inhibit another UE fromcamping on the rogue base station 408 before the rogue base station 408changes its cell id.

FIG. 5 is a schematic block diagram illustrating another embodiment of asystem 500 for reporting and receiving monitored parameter information.The system 500 includes a base station 502, a UE in a connected state504 (e.g., RRC CONNECTED mode), a UE in an idle state 506 (e.g., RRCIDLE mode), and a rogue base station 508. As used herein, the basestation 502 may be substantially the same as the network unit 104 andthe UEs 504 and 506 may be substantially the same as the remote unit102.

In certain embodiments, a remote unit 102 may become aware of a fakebase station in a variety of different ways. For example, a remote unit102 may become aware of a fake base station by detecting invalidcertificates, using UL monitoring, by checking signed system informationin any SIBS, by monitoring connection setup, by monitoring connectionfailures, and so forth.

In one embodiment, a first communication 510 is transmitted from thebase station 502 to the UE in the connected state 504. In variousembodiments, the first communication 510 includes one or more messageshaving instructions from the base station 502 for the UE in theconnected state 504 to perform measurements (e.g., monitor parameters)in an idle mode (e.g., RRC IDLE mode) and/or to log the measurements(e.g., log measurements corresponding to monitored parameters). In someembodiments, the UE in the connected state 504 may be configured forextended failure reporting. In such embodiments, the base station 502may add a parameter with extFailureReporting=True in the request.

In various embodiments, the UE in the connected state 504 may transition512 to the UE in the idle state 506 and perform measurements asinstructed. The UE in the idle state 506 may move around and performcell reselection with a cell having the best signal.

In certain embodiments, while performing cell reselection, in a secondcommunication 514, the UE in the idle state 506 may transmit one or moremessages to the rogue base station 508. Moreover, the UE in the idlesstate 506 may be unaware that it is camping at a fake base station.

In some embodiments, a third communication 516 is transmitted betweenthe UE in the idle state 506 and the rogue base station 508. In suchembodiments, the third communication 516 may include one or moremessages. While transmitting and/or receiving the third communication516, the UE in the idle state 506 may recognize (e.g., determine) thatit is communicating with a fake base station. In various embodiments,the UE in the idle state 506 may transmit messages similar to the thirdcommunication 416 described in relation to FIG. 4 . In certainembodiments, the UE in the idle state 506 may recognize through itsmonitoring that it is communicating with a fake base station using anysuitable detection method, such as information in the thirdcommunication 516 indicating wrong signed system information, a failedauthentication, wrong certificates, a failed connection setup, or anyother information.

In various embodiments, a fourth communication 518 is transmitted fromthe UE in the idle state 506 to the base station 502. In suchembodiments, the fourth communication 518 may include one or moremessages. As may be appreciated, based on information recorded by the UEin the idle state 506, the UE in the idle state 506 may determine thatthe currently attached base station (e.g., the rogue base station 508)is believed to be a fake base station. Accordingly, the UE in the idlestate 506 may performs cell reselection as part of the fourthcommunication 518 to select a next best signal. In some embodiments, theUE in the idle state 506 may, if instructed, creates an extended failurereport that includes a cause value pointing to the reason: certificatefailure, wrong signature, authentication failure, connection failure,connection setup failure counts, an IMSI requested flag that indicatesIMSI has been requested, a number of IMSI requests, a length of time inan idle mode, a length of time spent trying to get in a connected mode,and/or a computed confidence level that the rogue base station 508 is afake base station.

In some embodiments, the UE in the idle state 506 may perform cellreselection with a next best signal and/or try to perform a connectionsetup. In such embodiments, the UE in the idle state 506 may ignorebroadcast system information from the rogue base station 508. In certainembodiments, portions of the failure report and/or portions of theextended failure report may be transmitted from the UE in the idle state506 in a service request NAS message to a control plane entity (e.g.,MME, AMF, etc.).

In certain embodiments, the base station 502 may detect 520 that therogue base station 508 is a fake base station and/or may start an alarmin an OAM system of an operator. Moreover, the base station 502 (e.g.,genuine base station) may immediate change the SIB and include an IDcorresponding to the rogue base station 508 in a black list for camping.As may be appreciated, the rogue base station 508 may change its cell IDfrequently; however, including the ID corresponding to the rogue basestation 508 in a black list for camping may inhibit another UE fromcamping on the rogue base station 508 before the rogue base station 508changes its cell id.

FIG. 6 is a schematic flow chart diagram illustrating one embodiment ofa method 600 for reporting monitored parameter information. In someembodiments, the method 600 is performed by an apparatus, such as theremote unit 102. In certain embodiments, the method 600 may be performedby a processor executing program code, for example, a microcontroller, amicroprocessor, a CPU, a GPU, an auxiliary processing unit, a FPGA, orthe like.

The method 600 may include receiving 602 an indication to monitorparameters in an idle mode. In certain embodiments, the method 600includes monitoring 604 the parameters in the idle mode. In variousembodiments, the method 600 includes transmitting 606 a request to afirst base station. In some embodiments, the method 600 includes, inresponse to not receiving a correct response from the first basestation: performing 608 a cell reselection resulting in selection of asecond base station; and transmitting a failure report to the secondbase station. In such embodiments, the failure report includesinformation corresponding to the parameters monitored in the idle mode.

In one embodiment, the indication to monitor parameters in the idle modeis received in response to a likelihood of a rogue base station being inan area. In a further embodiment, the parameters monitored in the idlemode include a time in the idle mode during communication with the firstbase station. In certain embodiments, the parameters monitored in theidle mode include a time taken to enter a connected mode duringcommunication with the first base station. In various embodiments, theparameters monitored in the idle mode include a number of attempts tosend a connected mode setup during communication with the first basestation. In some embodiments, the method 600 includes determiningwhether the number of attempts passes a predetermined threshold, and, inresponse to the number of attempts passing the predetermined threshold,determining that a correct response from the first base station is notreceived. In certain embodiments, the parameters monitored in the idlemode include a number of connection mode setup messages that fail due totimeout.

In various embodiments, the parameters monitored in the idle modeinclude a number of identity requests from the first base stationrequesting an international mobile subscriber identity. In someembodiments, the parameters monitored in the idle mode include acomputed confidence level that the first base station is a rogue basestation. In certain embodiments, the method 600 includes ignoringbroadcasted system information from the first base station duringperforming the cell reselection. In various embodiments, not receiving acorrect response from the first base station includes determining asecurity key mismatch, a certificate failure, an authentication failure,and/or a connection setup failure.

FIG. 7 is a schematic flow chart diagram illustrating one embodiment ofa method 700 for receiving monitored parameter information. In someembodiments, the method 700 is performed by an apparatus, such as thenetwork unit 104. In certain embodiments, the method 700 may beperformed by a processor executing program code, for example, amicrocontroller, a microprocessor, a CPU, a GPU, an auxiliary processingunit, a FPGA, or the like.

The method 700 may include transmitting 702 an indication to a remoteunit 102 for the remote unit 102 to monitor parameters in an idle mode.In certain embodiments, the method 700 includes receiving 704 a failurereport from the remote unit 102. In such embodiments, the failure reportincludes information corresponding to the parameters monitored in theidle mode. In various embodiments, the method 700 includes identifying706 a rogue base station from the failure report. In some embodiments,the method 700 includes transmitting 708 an alarm identifying the roguebase station.

In one embodiment, the alarm includes an identifier of the rogue basestation. In a further embodiment, the indication to monitor parametersin the idle mode is transmitted in response to a likelihood of the roguebase station being in an area used by the remote unit 102. In certainembodiments, the parameters monitored in the idle mode include a time inthe idle mode during communication with the rogue base station. Invarious embodiments, the parameters monitored in the idle mode include atime taken to enter a connected mode during communication with the roguebase station. In some embodiments, the parameters monitored in the idlemode include a number of attempts to send a connected mode setup duringcommunication with the rogue base station. In certain embodiments, theparameters monitored in the idle mode include a number of connectionmode setup messages that fail due to timeout.

In various embodiments, the parameters monitored in the idle modeinclude a number of identity requests from the rogue base stationrequesting an international mobile subscriber identity of the remoteunit 102. In some embodiments, the parameters monitored in the idle modeinclude a computed confidence level corresponding to the rogue basestation.

Embodiments may be practiced in other specific forms. The describedembodiments are to be considered in all respects only as illustrativeand not restrictive. The scope of the invention is, therefore, indicatedby the appended claims rather than by the foregoing description. Allchanges which come within the meaning and range of equivalency of theclaims are to be embraced within their scope.

The invention claimed is:
 1. A method comprising: receiving, while in aconnected mode, an indication to monitor parameters of failures during aconnection establishment from an idle mode; in response to receiving theindication to monitor parameters, transitioning from the connected modeto the idle mode; monitoring the parameters in the idle mode;transmitting a request to a first cellular network base station toestablish a connection; and in response to not receiving a correctresponse to establish the connection from the first cellular networkbase station: performing a cell reselection resulting in selection of asecond cellular network base station; and transmitting, from a remoteunit, a failure report to the second cellular network base station,wherein the failure report comprises the parameters gathered during theconnection establishment failure with the first cellular network basestation and the parameters gathered in the idle mode.
 2. The method ofclaim 1, wherein the indication to monitor parameters in the idle modeis received in response to a likelihood of a rogue cellular network basestation being in an area.
 3. The method of claim 1, wherein theparameters monitored in the idle mode comprise a time in the idle modeduring communication with the first cellular network base station. 4.The method of claim 1, wherein the parameters monitored in the idle modecomprise a time taken to enter a connected mode during communicationwith the first cellular network base station.
 5. The method of claim 1,wherein the parameters monitored in the idle mode comprise a number ofattempts to send a connected mode setup during communication with thefirst cellular network base station.
 6. The method of claim 5, furthercomprising determining whether the number of attempts passes apredetermined threshold, and, in response to the number of attemptspassing the predetermined threshold, determining that a correct responsefrom the first cellular network base station is not received.
 7. Themethod of claim 1, wherein the parameters monitored in the idle modecomprise a number of connection mode setup messages that fail due totimeout.
 8. The method of claim 1, wherein the parameters monitored inthe idle mode comprise a number of identity requests from the firstcellular network base station requesting an international mobilesubscriber identity.
 9. The method of claim 1, wherein the parametersmonitored in the idle mode comprise a computed confidence level that thefirst cellular network base station is a rogue cellular network basestation.
 10. The method of claim 1, further comprising ignoringbroadcasted system information from the first cellular network basestation during performing the cell reselection.
 11. The method of claim1, wherein not receiving a correct response from the first cellularnetwork base station comprises determining a security key mismatch, acertificate failure, an authentication failure, a connection setupfailure, or some combination thereof.
 12. An apparatus comprising: areceiver that receives, while in a connected mode, an indication tomonitor parameters of failures during a connection establishment from anidle mode; a processor that: in response to receiving the indication tomonitor parameters, transitions from the connected mode to the idlemode; and monitors the parameters in the idle mode; and a transmitterthat transmits a request to a first cellular network base station toestablish a connection, wherein, in response to not receiving a correctresponse to establish the connection from the first cellular networkbase station: the processor performs a cell reselection resulting inselection of a second cellular network base station; and the transmittertransmits a failure report to the second cellular network base station,wherein the failure report comprises the parameters gathered during theconnection establishment failure with the first cellular network basestation and the parameters gathered in the idle mode.
 13. The apparatusof claim 12, wherein the indication to monitor parameters in the idlemode is received in response to a likelihood of a rogue cellular networkbase station being in an area.
 14. An apparatus comprising: atransmitter that transmits an indication to a remote unit in a connectedmode for the remote unit to monitor parameters of failures during aconnection establishment from an idle mode, wherein the remote unit, inresponse to receiving the indication to monitor parameters, transitionsfrom the connected mode to the idle mode and monitors the parameters inthe idle mode; a receiver that receives a failure report from the remoteunit, wherein the failure report comprises the parameters gatheredduring a connection establishment failure with a cellular network basestation and the parameters gathered in the idle mode; and a processorthat identifies a rogue cellular network base station from the failurereport, wherein the transmitter transmits an alarm identifying the roguecellular network base station.
 15. The apparatus of claim 14, whereinthe alarm comprises an identifier of the rogue cellular network basestation.
 16. The apparatus of claim 14, wherein the indication tomonitor parameters in the idle mode is transmitted in response to alikelihood of the rogue cellular network base station being in an areaused by the remote unit.
 17. The apparatus of claim 14, wherein theparameters monitored in the idle mode comprise a number of attempts tosend a connected mode setup during communication with the rogue cellularnetwork base station.
 18. The apparatus of claim 14, wherein theparameters monitored in the idle mode comprise a number of connectionmode setup messages that fail due to timeout.
 19. The apparatus of claim14, wherein the parameters monitored in the idle mode comprise a numberof identity requests from the rogue cellular network base stationrequesting an international mobile subscriber identity of the remoteunit.
 20. The apparatus of claim 14, wherein the parameters monitored inthe idle mode comprise a computed confidence level corresponding to therogue cellular network base station.